Looking up IP
Check an IP Address, Domain Name, Subnet, or ASN
64.227.175.166 has a threat confidence score of 99%. This IP address from India (AS14061, DigitalOcean, LLC) has been observed in 24 honeypot sessions targeting SSH protocols. Detected attack patterns include pci and nvidia gpu identification with host metadata, dual source gpu validation with host context. First observed on March 28, 2026, most recently active March 28, 2026.
Execution of uname -s -v -n -r -m to collect kernel and architecture details, uptime -p for system uptime, lspci queries to extract and count VGA-class PCI devices, and nvidia-smi -q filtering for product name to identify NVIDIA GPU models. This pattern reflects layered GPU identification using both PCI enumeration and NVIDIA driver-level queries, combined with basic host system metadata collection.
Combined execution of lspci (VGA and 3D controller extraction and device count) and nvidia-smi -q (product name extraction and non-empty count validation), together with kernel/architecture (uname -s -v -n -r -m) and uptime collection. This pattern reflects cross-validation of GPU presence using both PCI-level and NVIDIA driver-level queries, enriched with host system context.
Identifies SSH sessions where the actor performs structured hardware reconnaissance including CPU core enumeration, GPU detection via nvidia-smi, VGA/3D controller inspection via lspci, system uptime queries, and kernel/architecture fingerprinting to assess computational capabilities of the compromised host.